
Re: retrieving gpg-keys



G'day Jens,

* Jens Kubieziel <mutt-user@xxxxxxxxxxxx> [041107 15:30]:
> * Stewart V. Wright schrieb am 2004-11-07 um 19:16 Uhr:
> > * Jens Kubieziel <mutt-user@xxxxxxxxxxxx> [041107 10:10]:
> > > I use random.sks.keyserver.penguin.de or subkeys.pgp.net as keyserver
> > > and auto-key-retrieve is set. However it doesn't seem to work.
> > 
> > Big hint here... RTFM for GnuPG.  auto-key-retrieve is described as:
> >         This option enables  the  automatic  retrieving  of
> >         keys  from  a  keyserver  when verifying signatures
> >         made by keys that are not on the local keyring.
> 
> Argl, I read over the "verifying signatures"-part.

Easily done.

> Maybe I didn't make myself clear. I don't want to query a keyserver for
> each mail I write. It should only happen when I want to write an
> encrypted mail *and* don't have the other's key in my keyring.

Ah, apologies.  I see that you've actually thought this through (at least more 
than I usually do before posting a message! :-) )

> > The second major problem is the security aspect.  Having a key listed on 
> > one of the key servers means NOTHING.  There is no guarantee that a key 
> > that is listed as belonging to yourfriend@xxxxxxxxxxxx has anything to do 
> > with that person.  The security in Open-PGP comes from the Web of Trust - 
> 
> ACK.  But assume I want to write a mail to RMS. He is actually not in my
> keyring, but when calculating the path to him
> (<URL:http://webware.lysator.liu.se/jc/wotsap/?top=0x135EA668&bottom=0xEE0977E8>)
> I can be sure that 0x135EA668 is the right key. However in that case
> (and normally only then) I want to fetch the key from mutt.

Indeed.  I didn't realise that your key was as well connected as it is...  I 
guess the question now is, how does one code in the WoT into your key-getting 
gizmo?  You are one person away from RMS, but two away from me.  Is that close 
enough?  How about taking the sig types into account?  I guess you should let 
gpg do that sort of leg work for you.

> Thanks for your hints. Maybe I will write something that solves that 
> problem.

Hmm...  A combination replacing your editor with a script that calls "gpg 
--search-keys" based on the To: CC: and BCC: lines and then opens an editor 
might be one way forward.

Please do post whatever you come up with - I'd like to see a solution.


Cheers,

S.

Attachment: signature.asc
Description: Digital signature
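
A sketch of the editor-wrapper idea suggested in the message above, as an added example that is not part of the original post or of mutt/GnuPG: it reads To/Cc/Bcc from the draft, asks gpg only about recipients with no key in the local keyring, then opens the real editor. It assumes mutt's edit_headers is set so the draft file contains the headers; REAL_EDITOR and all function names are made up for this example.

```python
"""Editor wrapper for mutt: search a keyserver only for recipients without a local key."""
import os
import subprocess
import sys
from email.parser import HeaderParser
from email.utils import getaddresses

def recipients(draft_text):
    """Return unique, lower-cased addresses from the To/Cc/Bcc headers of a draft."""
    msg = HeaderParser().parsestr(draft_text)
    fields = []
    for name in ("To", "Cc", "Bcc"):
        # Skip empty headers (mutt writes a bare "Bcc:" line into the draft).
        fields.extend(v for v in msg.get_all(name, []) if v.strip())
    seen = []
    for _name, addr in getaddresses(fields):
        addr = addr.strip().lower()
        if "@" in addr and addr not in seen:
            seen.append(addr)
    return seen

def has_local_key(addr):
    """True if the local keyring holds a key with exactly this e-mail address."""
    # "<addr>" is GnuPG's exact e-mail match; a bare address matches substrings.
    result = subprocess.run(
        ["gpg", "--batch", "--list-keys", "--", "<%s>" % addr],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0

def missing_keys(draft_text, have_key=has_local_key):
    """Recipients with no local key; have_key is injectable so this runs offline."""
    return [a for a in recipients(draft_text) if not have_key(a)]

def main(argv):
    draft = argv[1]
    with open(draft, encoding="utf-8", errors="replace") as fh:
        missing = missing_keys(fh.read())
    for addr in missing:
        print("No local key for %s, searching keyserver..." % addr)
        # Interactive: gpg lists candidates and imports only what the user picks.
        subprocess.call(["gpg", "--search-keys", "--", addr])
    editor = os.environ.get("REAL_EDITOR", "vi")  # REAL_EDITOR: hypothetical variable
    os.execvp(editor, [editor, draft])

if __name__ == "__main__":
    main(sys.argv)
```

A key imported this way is no more trustworthy than any other keyserver result; whether it is valid for encryption is still decided by gpg's own trust calculation.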